@Configuration
public class CorsConfig {

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();

        // 错误：不能同时设置 allowCredentials=true 和 allowedOrigin=*
        config.setAllowCredentials(true);
        config.addAllowedOrigin("http://localhost:8080"); // 明确指定前端来源
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        config.setMaxAge(3600);

        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}
